Android's Sideloading Lockdown Explained with Cameron, Dave, and Sean
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
Android application sideloading is changing. What does this mean? Join security consultants Cameron Cartier, Dave Blandford, and Sean Verity on a free one-hour webcast about recent Google initiatives aimed at locking down Android sideloading. We will talk about what this means, how we got here, and why it matters. Topics range from the "Keep Android Open" initiative to how different currencies impact the cost of an app. Plus a few neat Android features sprinkled into the presentation!
Chat with your fellow attendees in the Antisyphon Discord server: https://discord.gg/bhis in the #🔴live-chat channel

Originally from BHIS: Android's Sideloading Lockdown Explained with Cameron, Dave, and Sean ( :-{ı▓ #BlackHillsInfoSec #cybersecurity #cyberresearch

8 hours ago
Validating Thousands of Credentials at Scale: Lessons from Six Months of Identity Exposure Management By Mark MacDonald, Director of Product Marketing Six months ago, we launched Identity Exposure Management (IEM), a solution that pairs Flare’s world-class database of stealer logs, leaked credentials, and related identity exposures with automated validation and remediation through integration with the customer’s Microsoft Entra ID environment. Since then, over 100 organizations have deployed it in […] The post Validating Thousands of Credentials at Scale: Lessons from Six Months of Identity Exposure Management appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

Originally from Flare: Validating Thousands of Credentials at Scale: Lessons from Six Months of Identity Exposure Management ( :-{ı▓ #flare #CTI #cyberresearch

9 hours ago
Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North Korean threat actor Sapphire Sleet that abuses user driven execution and social engineering to bypass macOS security protections and steal credentials, cryptocurrency assets, and sensitive data. The post Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise appeared first on Microsoft Security Blog.

Originally from MS Threat Intel: Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise ( :-{ı▓ #CTI #cybersecurity #cyberresearch

9 hours ago
The Game Is Over? Gamification of Infosec - Security Noise Ep 8.14
What if learning cybersecurity felt less like a compliance checkbox and more like an adventure? In this episode, Geoff and Skyler sit down with two special guests to explore how gamification is revolutionizing the way people learn about security tactics and concepts. TrustedSec’s Senior Security Consultant Travis Kaun drops in to talk about his latest community offering: Dungeons and Daemons, a web-based RPG that simulates a “live” engagement as a Red Teamer. We are also joined by Tim Doerges, who is Lead Developer of Backdoors & Breaches at Black Hills InfoSec, to talk about how this incident response card game has taken off since its launch and what developments are on the horizon. Watch to see demos of these games and get a better understanding of why the future of cybersecurity education may be through gamified experiences.
About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Find more cybersecurity resources on our website at https://trustedsec.com/resources.
Resources:
Backdoors and Breaches - https://www.blackhillsinfosec.com/tools/backdoorsandbreaches/
Dungeons and Daemons - https://dnd.trustedsec.net
TrustedSec - https://trustedsec.com
Black Hills Security - https://blackhillsinfosec.com
MetaCTF platform - https://metactf.com

Originally from From TrustedSec: The Game Is Over? Gamification of Infosec - Security Noise Ep 8.14 ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

1 day ago
Death by Dashboards: Moving the Needle on What Actually Matters | Tim Medin
Presenter: Tim Medin, Red Siege Information Security CEO
Security teams love dashboards. Vulnerability scanners, compliance tools, and security platforms all promise a “single pane of glass” that shows everything happening across your environment. But when that pane of glass is filled with thousands of findings, how do you know what actually matters? In Death by Dashboards: Moving the Needle on What Actually Matters, Tim Medin breaks down the reality many security teams face every day. Dashboards are packed with issues that look scary but often represent little real-world risk. Think endless TLS findings or compliance driven alerts that technically rank as critical but are nearly impossible to exploit. Meanwhile, the problems that actually matter often get buried in the noise. In this talk, Tim walks through how security teams can move past the overwhelming flood of vulnerability data and start focusing on what truly improves security. He’ll highlight the kinds of issues that rarely show up in standard dashboards but can have a much bigger impact on an organization’s risk. The session also covers how to communicate priorities across teams when the remediation list feels impossible to tackle. Instead of chasing every scanner finding, the goal is to help teams focus on fixes that actually reduce risk and improve security outcomes. If you’ve ever stared at a dashboard with thousands of findings and wondered where to even begin, this talk is for you. Because security isn’t about having the cleanest dashboard. It’s about fixing the things that actually make your environment safer.
Antisyphon Training Courses: https://www.antisyphontraining.com/instructor/timmedin/ http://redsiege.com/ #cybersecurity #infosec #vulnerabilitymanagement #securityoperations #riskmanagement #blueteam #securityleadership #cyberdefense ///Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe ///Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections ///Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ ///Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ ///Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Antisyphon Discord: https://discord.gg/antisyphon Antisyphon Mastodon: https://infosec.exchange/@Antisy_Training ///Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Active Countermeasures YouTube: https://youtube.com/activecountermeasures Threat Hunter Community Discord: https://discord.gg/threathunter Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

Originally from From WWHF: Death by Dashboards: Moving the Needle on What Actually Matters | Tim Medin ( :-{ı▓ #WWHF #BHIS #cyberresearch

1 day ago
BHIS - Talkin' Bout [infosec] News 2026-04-20
Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm
Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat
🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com
00:00 - PreShow Banter™ — The echo was for celebratory purposes.
05:19 - BHIS - Talkin' Bout [infosec] News 2026-04-20
06:26 - Story #1 - Vercel April 2026 security incident https://vercel.com/kb/bulletin/vercel-april-2026-security-incident
19:51 - Story #2 - 'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prison https://abcnews.com/US/addicted-hacking-young-hacker-historic-breach-speaks-1st/story?id=131855776
28:28 - Story #3 - Mythos And The CVSS Problem No One Wants to Talk About (But We Need To) https://www.linkedin.com/pulse/mythos-cvss-problem-one-wants-talk-we-need-john-strand-k3jyc/
30:02 - Story #4 - Introducing Claude Opus 4.7 https://www.anthropic.com/news/claude-opus-4-7
30:51 - Story #5 - Identity verification on Claude https://support.claude.com/en/articles/14328960-identity-verification-on-claude
37:17 - Story #6 - Apple CEO Tim Cook to step down after more than a decade https://www.cnn.com/2026/04/20/tech/apple-ceo-tim-cook-steps-down
41:41 - Story #7 - Microsoft faces fresh Windows Recall security concerns https://www.theverge.com/report/912101/microsoft-windows-recall-new-security-concerns-response
45:43 - Story #8 - WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery Programs https://www.404media.co/webinartv-secretly-scraped-zoom-meetings-of-anonymous-recovery-programs/
50:22 - Story #9 - Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit https://www.404media.co/google-microsoft-meta-all-tracking-you-even-when-you-opt-out-according-to-an-independent-audit/
53:02 - Story #10 - Little Caesars Wants ChatGPT to Order Your Pizza for You https://www.cnet.com/tech/services-and-software/little-caesars-chatgpt-app/
55:20 - Story #11 - NIST Updates NVD Operations to Address Record CVE Growth https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth
01:01:49 - Promos
Workshop: Rapid Endpoint Investigations for Linux and Mac https://www.antisyphontraining.com/product/workshop-rapid-endpoint-investigations-for-linux-and-mac/
ANTI-CAST: Investigating NIX Endpoints for Incident Response with Patterson Cake https://www.antisyphontraining.com/event/anti-cast-investigating-nix-endpoints-for-incident-response-with-patterson-cake/
Threat Hunting Summit https://www.antisyphontraining.com/event/threat-hunting-summit/
Workshop: Cyber Threat Intelligence 101 2 Day Version https://www.antisyphontraining.com/product/cyber-threat-intelligence-101-2-day-version-with-wade-wells/
ANTI-CAST: How to Break Free from the Cybersecurity Burnout Trap with Natalia Samman https://www.antisyphontraining.com/event/anti-cast-how-to-break-free-from-the-cybersecurity-burnout-trap-with-natalia-samman/
Brought to you by:
Black Hills Information Security https://www.blackhillsinfosec.com
Antisyphon Training https://www.antisyphontraining.com/
Active Countermeasures https://www.activecountermeasures.com
Wild West Hackin Fest https://wildwesthackinfest.com
#livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Originally from BHIS: BHIS - Talkin' Bout [infosec] News 2026-04-20 ( :-{ı▓ #BlackHillsInfoSec #cybersecurity #cyberresearch

1 day ago
Week 16 – 2026 Stop scaling headcount. Scale your SecOps. Most security teams don’t have a talent problem, they have a noise problem. Material Security unifies your cloud workspace, providing detection and response across email, files, and accounts. From automating phishing remediation to revoking risky OAuth permissions and auditing file shares, we eliminate manual toil. Stop fighting fragmented consoles. Simplify […]

Originally from This Week in 4n6: Week 16 – 2026 ( :-{ı▓ #dfir #incidentresponse #cyberresearch

2 days ago
Get Ready for Dungeons & Daemons! Are you in? #hacker #TrustedSec #rpg
The building's locked. The network's encrypted. The guards don't know you're already inside. Your mission starts April 16.

Originally from From TrustedSec: Get Ready for Dungeons & Daemons! Are you in? #hacker #TrustedSec #rpg ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

4 days ago
Hacks Hackers Hate Built In Bins to Bunk Baddies
Presenters: Kellon Benson and Mike Devens
Adversaries consistently rely on free and built-in tools to carry out attacks because they are readily available and effective. This technical presentation focuses on practical, low-effort ways defenders can harden desktop systems to reduce that abuse without adding cost or complexity. The session covers how to adjust application associations, configure effective local firewall rules, and establish solid baselines before making changes to avoid user disruption. Real-world threat examples are used to show why these attack techniques continue to work and how small defensive improvements can significantly raise the bar for attackers. You’ll also see demonstrations of baselining tools and measurable outcomes that highlight the impact of these changes. Attendees will leave with actionable strategies they can apply immediately to strengthen endpoints and make adversaries think twice. No budget is required. These practical techniques are designed to frustrate attackers and meaningfully improve desktop security.
Sign Up for WWHF https://wildwesthackinfest.com/wild-west-hackin-fest-mile-high-2026/
#cybersecurity #infosec #endpointsecurity #defensivesecurity #blueteam #hardening #securityoperations #wwhf #wwhf2026
00:06 Cybersecurity Talk Intro & Disclaimer
00:24 Why Detection-Based Security Fails (And What Works Better)
01:23 Proactive Defense Framework: Threats, Breakpoints, Controls
02:30 Security vs Usability: Avoid Breaking the User Experience
04:20 Malicious Ads Explained: How Users Get Infected
06:51 Stop Malware at the Source: Ad Blocking Strategy
09:01 Windows Security Hack #1: Block ISO-Based Attacks
13:02 Windows Security Hack #2: Prevent Script Execution (JS, VBA, CMD)
19:03 Block Malware Downloads with Windows Firewall (LOLbins)
22:10 ClickFix Attack Explained + How to Disable Risky Hotkeys
27:26 Lock Down Win+X Menu & Common Implementation Mistakes
30:38 Key Takeaways: Simple Ways to Harden Windows Security
33:03 Resources, Tools & Audience Q&A

Originally from From WWHF: Hacks Hackers Hate Built In Bins to Bunk Baddies ( :-{ı▓ #WWHF #BHIS #cyberresearch

4 days ago
Neo v. DIY: The gap between a single finding and a mature security program In our latest webinar, our Founding Solutions Engineer, Davis Franklin, addressed the massive gap between finding a vulnerability with an LLM and running a mature security program. That gap is what Neo is built to close. With the release of Opus 4.6 and the announcement of Mythos, the question we hear constantly has gotten louder: Can I just build this with Claude Code? The short answer is yes. You can spin up a working PoC in about half an hour, find a real vulnerability, and feel genuinely co

Originally from ProjectDiscovery: Neo v. DIY: The gap between a single finding and a mature security program ( :-{ı▓ #projectdiscovery #bugbounty #cyberresearch

4 days ago
Backdoors & Breaches | Introducing the ALL NEW Online Platform
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
Backdoors & Breaches originated as a tabletop training exercise. Recently, we added a competitive version. TODAY, we're announcing a brand-new online home for Backdoors & Breaches. Join Tim Doerges and Seth Benning as they demo how users can play against each other online and access all the official Backdoors & Breaches resources. But that's not all! Want to learn more about the topics on the cards? Tune in to see all the new features that will be accessible by YOU, FOR FREE!
Chat with your fellow attendees in the Black Hills Infosec Discord server: https://discord.gg/BHIS in the #🔴live-chat channel.

Originally from BHIS: Backdoors & Breaches | Introducing the ALL NEW Online Platform ( :-{ı▓ #BlackHillsInfoSec #cybersecurity #cyberresearch

4 days ago
Threat Briefing for CISOs: Staying Ahead of the Industrialized Phishing Economy By Flare Research Phishing has quietly crossed a strategic threshold. What began as low-effort social engineering has evolved into a fully industrialized underground economy, complete with modular tooling, subscription pricing, customer support, affiliates, and rapid innovation cycles.  In 2026, phishing kits and phishing-as-a-service (PhaaS) platforms dominate the cybercriminal marketplace, with a clear focus on bypassing […] The post Threat Briefing for CISOs: Staying Ahead of the Industrialized Phishing Economy appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

Originally from Flare: Threat Briefing for CISOs: Staying Ahead of the Industrialized Phishing Economy ( :-{ı▓ #flare #CTI #cyberresearch

4 days ago
Holocron OpenBrain with Alex Minster | Episode 48
In this episode of BHIS Presents: AI Security Ops, the team is joined by Alex Minster to demo his project: HOLOCRON OpenBrain — a persistent, model-agnostic memory layer designed to solve one of the biggest frustrations in AI workflows. Instead of starting from scratch every time you open a new chat, Alex’s approach creates a centralized “brain” that multiple AI models can connect to, allowing context, notes, and intelligence to persist across sessions, tools, and even platforms. The result? A flexible system that captures thoughts, ingests threat intel, and generates structured outputs — all without locking you into a single AI provider.
We dig into:
• The “cold start” problem in AI and why it breaks real workflows
• What the OpenBrain HOLOCRON is (and isn’t)
• How centralized memory changes the way we interact with AI tools
• The architecture: Supabase, OpenRouter, MCP, and multi-model access
• Using Discord as a lightweight ingestion pipeline for persistent memory
• Real-world CTI workflows: capturing intel and generating reports on demand
• Managing, editing, and superseding memory over time
• The tradeoffs between context richness and security exposure
• Multi-model reliability differences (and why they matter)
• Practical setup: what it takes to build your own system
This episode highlights a shift in how AI is used operationally: moving from isolated chats to persistent, structured memory systems that can evolve alongside your work.
⸻
⏱️ Chapters
00:00 – Intro & Guest Introduction (Alex Minster)
00:55 – What Is the OpenBrain HOLOCRON? (Cold Start Problem)
03:00 – How It Works: Centralized Memory & AI Integration
05:30 – Architecture & Free-Tier Stack (Supabase, OpenRouter, MCP)
07:54 – Demo: Capturing Thoughts via Discord
10:55 – CTI Use Case: Prioritizing & Querying Intelligence
14:03 – Managing Memory: Editing, Deleting & Superseding Data
19:04 – Running Protocols: Automated CTI Reports (Demo)
22:05 – Multi-Brain Concept & Segmentation
25:00 – Real-World Output: Reports, Dashboards & Briefings
31:31 – Multi-Model Differences (Claude vs ChatGPT)
36:26 – Improving the System with Feedback Loops
38:13 – How to Build Your Own OpenBrain
42:10 – Real-World Benefits & Workflow Improvements
46:28 – Security Considerations & Data Exposure Risks
48:04 – Where to Find the Project & Contribute
51:00 – Final Thoughts & Wrap-Up
⸻
📚 Key Concepts & Topics
Persistent AI Memory
• Solving the “cold start” problem
• Centralized context across multiple models
• Structured vs raw data ingestion
AI Architecture & Tooling
• Supabase as a backend memory store
• OpenRouter for multi-model access
• MCP protocol for integrations
Cyber Threat Intelligence (CTI)
• Capturing, tagging, and prioritizing intel
• Generating automated reports and dashboards
• Context-aware intelligence workflows
Security & Privacy
• Need-to-know data design
• Avoiding overexposure via full integrations (email, docs, etc.)
• Auditing and removing sensitive data
Operational Workflows
• Capturing ideas, notes, and research
• Multi-project memory segmentation (“multiple brains”)
• Using AI to accelerate—not replace—analysis
🔗 HOLOCRON GitHub Guide: https://github.com/belouve/open-brain-holocron
🔗 Alex Minster: https://www.linkedin.com/in/alexminster/
#AISecurity #CyberSecurity #AIWorkflows #LLM #ThreatIntel #DevSecOps #BHIS #OpenSource #AIEngineering
About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/
About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/
About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/
About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

Originally from Holocron OpenBrain with Alex Minster | Episode 48 ( :-{ı▓

4 days ago
Mythos, Memory Loss, and the Part InfoSec Keeps Missing InfoSec has a bad habit of acting like history started this morning. Something new lands, the industry loses its mind for a week, vendors start talking like the old rules no longer apply, and half the industry suddenly…

Originally from TrustedSec: Mythos, Memory Loss, and the Part InfoSec Keeps Missing ( :-{ı▓ #trustedsec #pentesting #cyberresearch

5 days ago
Dungeons & Daemons #TrustedSec #rpg #hacker
Where Hackers Become Legends! Play now: https://dnd.trustedsec.net/

Originally from From TrustedSec: Dungeons & Daemons #TrustedSec #rpg #hacker ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

5 days ago
A Deep Dive Into Attempted Exploitation of CVE-2023-33538 CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botnet malware. The post A Deep Dive Into Attempted Exploitation of CVE-2023-33538 appeared first on Unit 42.

Originally from Unit 42: A Deep Dive Into Attempted Exploitation of CVE-2023-33538 ( :-{ı▓ #unit42 #threathunting #cyberresearch

5 days ago
The case for dependency cooldowns in a post-axios world Understanding npm and the importance of dependency cooldowns.

Originally from DataDog: The case for dependency cooldowns in a post-axios world ( :-{ı▓ #cloudsecurity #datadog #cyberresearch

5 days ago
Dungeons and Daemons Play Roll for Initiative. Hack the Planet. Dungeons & Daemons is a cybersecurity RPG that drops you into the boots of a Red Team operator on a live engagement. Your mission: infiltrate a corporate facility,…

Originally from TrustedSec: Dungeons and Daemons ( :-{ı▓ #trustedsec #pentesting #cyberresearch

6 days ago
Identity, browsers, and node.js: Everything you missed in the Threat Detection Report miniseries Get cliff notes from our three-part deep dive into the 2026 Threat Detection Report and watch every episode, on demand now.

Originally from Red Canary: Identity, browsers, and node.js: Everything you missed in the Threat Detection Report miniseries ( :-{ı▓ #threatintel #redcanary #cyberresearch

6 days ago
Webinar - You Had Us at the First Alert: A Guide to Finding Frequently Missed Detections
Red teamers don't always slip through undetected—sometimes the alerts are firing, but no one acts on them. In this webinar, TrustedSec's Targeted Operations team reveals the detections that were there all along, flying under the radar. Drawing from real-world engagements, this webinar will walk through the most commonly missed alerts, why they get overlooked, and the small, actionable changes that would have stopped the red team in their tracks.
Our experts will cover:
- The most frequently missed detections from TrustedSec red team engagements
- Why teams don’t act on high-fidelity alerts and how to change that
- Small, low-lift detection improvements with outsized impact
- Practical guidance SOC teams can apply immediately to strengthen their defenses
Join Targeted Operations Practice Lead Jason Lang, Principal Security Consultant Scot Berner, and Senior Security Consultant Melvin Langvik as they walk through steps to better prioritize and tune alerts to surface real threats faster. Designed specifically for defenders and SOC teams, this session bridges the gap between red team tradecraft and blue team detection. You'll leave with a clearer picture of where your detection coverage has blind spots and a practical roadmap for closing them before a real adversary takes advantage.

Originally from From TrustedSec: Webinar - You Had Us at the First Alert: A Guide to Finding Frequently Missed Detections ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

6 days ago
Signed, Trusted, and Abused: Proxy Execution via WebView2 An offensive security perspective on Microsoft Edge WebView2 Runtime, including architectural weaknesses, existing vulnerabilities, and exploitation methods. The post Signed, Trusted, and Abused: Proxy Execution via WebView2 appeared first on Black Hills Information Security, Inc..

Originally from BHIS: Signed, Trusted, and Abused: Proxy Execution via WebView2 ( :-{ı▓ #BlackHillsInfoSec #Pentesting #cyberresearch

6 days ago
New: Use response actions to update Zscaler policies and block threats A new integration gives teams an easy way to update Zscaler Internet Access (ZIA) network policies using Red Canary response actions.

Originally from Red Canary: New: Use response actions to update Zscaler policies and block threats ( :-{ı▓ #threatintel #redcanary #cyberresearch

1 week ago
The Identity Kill Chain: A Complete History of Identity Security from Passwords to AI Agents By Serge-Olivier Paquette, Chief Product Officer How six decades of architectural decisions created, and continue to shape, the primary attack surface of the modern enterprise. In 1962, a Ph.D. candidate at MIT named Allan Scherr printed out the CTSS (Compatible Time-Sharing System) password file to steal extra computing time. 63 years later, a self-replicating npm […] The post The Identity Kill Chain: A Complete History of Identity Security from Passwords to AI Agents appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

Originally from Flare: The Identity Kill Chain: A Complete History of Identity Security from Passwords to AI Agents ( :-{ı▓ #flare #CTI #cyberresearch

1 week ago
Benchmarking Self-Hosted LLMs for Offensive Security We put LLMs to the test—let's find out how good AI is at hacking! We walk through six simple challenges with intentionally naïve setups to test how capable each model is at single-step exploit validation.

Originally from TrustedSec: Benchmarking Self-Hosted LLMs for Offensive Security ( :-{ı▓ #trustedsec #pentesting #cyberresearch

1 week ago
Golden Age of AI Agents: Think Like a Boss and Work Like a Hacker | Jaclyn (Jax) Scott
Presenter: Jaclyn (Jax) Scott
Want to work smarter, not harder and still feel confident and in control while doing it? This talk breaks down how today’s executive leaders are quietly using AI tools and autonomous agents to streamline their days, increase productivity, and make high-impact decisions without burning out. Jax pulls back the curtain on real workflows and use cases that show how AI agents can handle the repetitive and time-consuming tasks that slow people down. While the examples start at the executive level, the techniques apply directly to red teamers, blue teamers, and anyone looking to break into cybersecurity. You’ll learn practical ways to automate routine work, enhance your daily workflow, and operate at a higher level. Expect live demonstrations, real-world scenarios, and a straightforward look at how AI agents are actually being used today. Rather than building agents from scratch, this high-level session focuses on understanding the techniques, prompt strategies, and integrations behind existing tools. Think of it as ChatGPT acting like your personal chief of staff, helping you work faster, smarter, and with more impact.
00:00 – Intro, Audience Poll & Expectations
01:42 – Talk Scope & Foundations (What AI / Agentic AI Is and Isn’t)
03:55 – AI Evolution: Agents → Agentic → Fully Autonomous Systems
06:52 – How AI Agents Work (Task, Model, Tools, Output)
10:21 – Agentic Capabilities (Planning, Tool Use, Multi-Agent Systems)
15:32 – Risks & Security Considerations (Prompt Injection, Vulnerabilities)
18:18 – Tools, No-Code vs Low-Code & Getting Started
21:50 – Real-World Use Cases (Automation, Data Analysis, Communication)
33:12 – Live Demo: Building AI Agents & Workflow Automation
40:45 – Agentic AI in Practice, Risks, Digital Workforce & Q&A
Sign Up for WWHF https://wildwesthackinfest.com/register/
#cybersecurity #infosec #ai #automation #productivity #careerincyber #wwhf #wwhf2026

Originally from From WWHF: Golden Age of AI Agents: Think Like a Boss and Work Like a Hacker | Jaclyn (Jax) Scott ( :-{ı▓ #WWHF #BHIS #cyberresearch

1 week ago
LiteLLM Supply Chain Compromise | Episode 47
In this episode of BHIS Presents: AI Security Ops, the team breaks down the LiteLLM supply chain compromise–a real-world attack that shows how AI systems are being breached through the same old software supply chain weaknesses.

What initially looked like a bad release quickly escalated into a full-scale compromise affecting a library downloaded millions of times per day. But LiteLLM wasn’t the starting point–it was just one link in a much larger attack chain involving compromised security tools, CI/CD pipelines, and stolen publishing credentials.

The result? Malicious packages distributed at scale, harvesting secrets, enabling lateral movement, and establishing persistence across affected systems.

We dig into:
• What LiteLLM is and why it’s such a high-value target
• How the attack chain started with compromised security tooling (Trivy, Checkmarx)
• How unpinned dependencies enabled the compromise
• The role of CI/CD pipelines in exposing sensitive credentials
• What the malicious LiteLLM packages actually did (credential harvesting, persistence, lateral movement)
• The scale of impact given LiteLLM’s widespread adoption
• Why supply chain attacks are no longer theoretical–and no longer nation-state exclusive
• How AI is lowering the barrier to entry for attackers
• Why this wasn’t really an “AI vulnerability”–but an infrastructure failure
• The growing risk of automated, agent-driven attack discovery

This episode highlights a critical reality: the biggest risks in AI systems aren’t always in the models–they’re in the pipelines, dependencies, and infrastructure surrounding them.

⸻
⏱️ Chapters
00:00 – Intro & Incident Overview
01:25 – What Is LiteLLM & Why It Matters
03:53 – Supply Chain Scope & Why This Is Dangerous
05:22 – Why These Attacks Are Getting Easier (AI + Scale)
07:31 – Attack Chain Breakdown (Trivy → Checkmarx → LiteLLM)
10:55 – What the Malware Did & Impact at Scale
12:33 – Detection, Response & Who Was Safe
14:43 – Key Takeaways & Defensive Lessons

⸻
📚 Key Concepts & Topics

Supply Chain Security
• Dependency poisoning and malicious package distribution
• CI/CD pipeline compromise
• Version pinning and build integrity

Credential & Secrets Exposure
• API keys, SSH keys, and cloud credentials in pipelines
• Risks of centralized AI gateways like LiteLLM

Threat Actor Techniques
• Tag rewriting and trusted reference hijacking
• Multi-stage malware (harvest, lateral movement, persistence)
• Use of lookalike domains for exfiltration

AI & Security Reality Check
• AI as an amplifier, not the root vulnerability
• Traditional security failures in modern AI stacks
• Automation lowering attacker barriers

Defensive Strategies
• Dependency pinning and isolation (Docker, VPS)
• Atomic credential rotation
• Treating CI/CD tools as critical infrastructure
• Monitoring outbound traffic from build environments

#AISecurity #SupplyChainSecurity #LiteLLM #CyberSecurity #LLMSecurity #DevSecOps #AIInfrastructure #BHIS #InfoSec

----------------------------------------------------------------------------------------------
About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/
About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/
About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

Originally from LiteLLM Supply Chain Compromise | Episode 47 ( :-{ı▓

1 week ago
Week 15 – 2026
Stop scaling headcount. Scale your SecOps. Most security teams don’t have a talent problem, they have a noise problem. Material Security unifies your cloud workspace, providing detection and response across email, files, and accounts. From automating phishing remediation to revoking risky OAuth permissions and auditing file shares, we eliminate manual toil. Stop fighting fragmented consoles. Simplify […]

Originally from This Week in 4n6: Week 15 – 2026 ( :-{ı▓ #dfir #incidentresponse #cyberresearch

1 week ago
I'm In Your Logs Now, Deceiving Your Analysts and Blinding Your EDR | Olaf Hartong
I'm In Your Logs Now, Deceiving Your Analysts and Blinding Your EDR
Presenter: Olaf Hartong

What if you could use Event Tracing for Windows to manipulate telemetry itself, pushing the limits of what blue and red teams believe they can trust? ETW is foundational to Windows, powering both Event Logs and the telemetry that EDR tools rely on.

In this talk, you will learn how injecting custom events into the ETW stream can be used safely by defenders to simulate attack activity without executing real malicious actions on production systems. You will also see how adversaries could exploit the same technique to mislead analysts or even trigger EDR capping mechanisms that cause tools like Microsoft Defender for Endpoint to stop logging critical events.

The session will include demonstrations of telemetry injection, event capping exploitation, and how overwhelming ETW events can suppress genuine threat signals. You will also learn how automated risk scoring can escalate quickly enough to revoke device access. Finally, the talk explores a parallel research effort revealing how fake devices can be onboarded and used to generate arbitrary telemetry without the need for code execution, enabling powerful new options for deception and disruption.

00:00 – Intro & Speaker Background
02:26 – What is ETW (Event Tracing for Windows)?
06:09 – Existing ETW Attacks & Limitations
07:05 – Why EDRs Rely on ETW
10:40 – Event Injection Concept (Blue vs Red Use)
12:10 – How ETW Event Spoofing Works
21:01 – Building the PoC & Injecting Telemetry
22:56 – Exploiting EDR Capping (Blinding Detection)
33:17 – Buffer Flooding Attack (Suppressing Telemetry)
39:56 – Conclusions: You Can’t Fully Trust Logs

Sign Up for WWHF https://wildwesthackinfest.com/register/
#wwhf #wwhf2026 #etw #windowssecurity #blueteam #redteam #edr #defenderforendpoint #telemetry #cybersecurity

Originally from From WWHF: I'm In Your Logs Now, Deceiving Your Analysts and Blinding Your EDR | Olaf Hartong ( :-{ı▓ #WWHF #BHIS #cyberresearch

1 week ago
BHIS - Talkin' Bout [infosec] News 2026-04-13
Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
https://bhisnews.transistor.fm
Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat
🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com

Brought to you by:
Black Hills Information Security https://www.blackhillsinfosec.com
Antisyphon Training https://www.antisyphontraining.com/
Active Countermeasures https://www.activecountermeasures.com
Wild West Hackin Fest https://wildwesthackinfest.com

#livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Originally from BHIS: BHIS - Talkin' Bout [infosec] News 2026-04-13 ( :-{ı▓ #BlackHillsInfoSec #cybersecurity #cyberresearch

1 week ago